Commit Graph

4110 Commits (614250b4d82b7c471cc68ba011e7b3d658417f22)

Author SHA1 Message Date
Glenn Strauss 60b773a6cb [mod_authn_dbi] copy strings before escaping
dbi_conn_escape_string_copy() requires '\0'-terminated string.
While that is currently the case for strings in http_auth_info_t,
that will soon change, so consumers must use ai->username with ai->ulen,
and ai->realm with ai->rlen
2021-08-27 02:16:53 -04:00
Glenn Strauss 870b0c1343 [mod_auth] mod_auth_algorithm_parse() w/ algo len
mod_auth_algorithm_parse() now takes an additional arg: algorithm strlen
2021-08-27 02:16:53 -04:00
Glenn Strauss c841ce3b0b [mod_auth] mod_auth_digest_get()
create func mod_auth_digest_get() with code pulled from
mod_auth_check_digest(), and have mod_auth_check_digest()
call mod_auth_digest_get()
2021-08-27 02:16:53 -04:00
Glenn Strauss c987bec18e [multiple] use <algo>_iov() digest funcs
reduce code duplication
make it easier to add new algos

- leverage r->tmp_buf instead of temporary allocating buffer_init()
- mod_authn_file_htpasswd_basic()
  - compare binary SHA1 (shorter) rather than base64 (longer)
  - split crypt() from mod_authn_file_htpasswd_basic() to separate func
  - apr_md5_encode() modifications for slightly better performance
2021-08-27 02:16:53 -04:00
Glenn Strauss 396a923066 [core] li_base64_dec()
(make public in base64.h, like li_base64_enc())
2021-08-27 02:16:53 -04:00
Glenn Strauss db4af125c0 [core] add iovec wrappers to sys-crypto-md.h 2021-08-27 02:16:53 -04:00
Glenn Strauss ffc7a0bfd8 [mod_auth] merge some repeated code; code reuse 2021-08-27 02:16:53 -04:00
Glenn Strauss d22e94ac88 [core] clear etag in stat_cache_get_entry_open()
clear etag in stat_cache_get_entry_open() after opening file
(in case a different caller used stat_get_get_entry() and then file
changed before being opened)
2021-08-27 02:16:53 -04:00
Glenn Strauss 2d898bf9a9 [mod_magnet] sync script load w/ stat_cache
read file and use luaL_loadbuffer()
eliminate TOC-TOU race w/ independent stat() in stat_cache_get_entry()

restructure script_cache_get_script() into smaller funcs
2021-08-27 02:16:53 -04:00
Glenn Strauss e86dba5468 [mod_magnet] inline name and etag buffers in cache
also mark cache init and cache free funcs as cold
2021-08-27 02:16:53 -04:00
Glenn Strauss d5366c0aee [core] request_config_reset()
move configfile.c:config_reset_config()
  to reqpool.c:request_config_reset()
2021-08-27 02:16:53 -04:00
Glenn Strauss d38d5b4b48 [core] gw_host_get() comment out devel debugging
gw_host_get() comment out devel debugging trace
use variables within smaller scopes
2021-08-27 02:16:53 -04:00
Glenn Strauss b33d779865 [core] calculate backend host gw_hash at startup
- calculate backend host gw_hash at startup
- modify hash calculation at runtime to combine xor bits
  for hash value used in balancing selection
2021-08-27 02:16:53 -04:00
Glenn Strauss af3df29ae8 [multiple] reduce redundant NULL buffer checks
This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.

Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.

In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func.  In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.

- check for empty strings at config time and set value to NULL if blank
  string will be ignored at runtime; at runtime, simple pointer check
  for NULL can be used to check for a value that has been set and is not
  blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
  and use buffer_is_unset() instead of buffer_is_empty(),
  where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
  known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
  truncate string, and use buffer_extend() to extend

Examples where buffer known not to be NULL:
  - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
    (though we might set it to NULL if buffer_is_blank(cpv->v.b))
  - address of buffer is arg (&foo)
    (compiler optimizer detects this in most, but not all, cases)
  - buffer is checked for NULL earlier in func
  - buffer is accessed in same scope without a NULL check (e.g. b->ptr)

internal behavior change:
  callers must not pass a NULL buffer to some funcs.
  - buffer_init_buffer() requires non-null args
  - buffer_copy_buffer() requires non-null args
  - buffer_append_string_buffer() requires non-null args
  - buffer_string_space() requires non-null arg
2021-08-27 02:16:53 -04:00
Glenn Strauss 937d83b6cf [core] inline fam_dir_entry buffer 'name' member 2021-08-27 02:16:53 -04:00
Glenn Strauss 28804e8c80 [core] comment out unused part of http_etag_remix
note: etag buffer etag->ptr might be NULL (etag->used = etag->sze = 0)
so buffer will need to be extended, not truncated, in that case.
buffer_string_set_length() is typically used to truncate strings.
2021-08-27 02:16:53 -04:00
Glenn Strauss 7cd984c51d [core] adjust buffer use for hdr name for lshpack 2021-08-27 02:16:53 -04:00
Glenn Strauss a8b5ad2b5c [core] tweaks writing response header (better asm) 2021-08-27 02:16:53 -04:00
Glenn Strauss db853f9c05 [core] sock_addr_from_buffer_hints_numeric unused
comment out sock_addr_from_buffer_hints_numeric(); currently unused
2021-08-27 02:16:53 -04:00
Glenn Strauss 66626315ba [TLS] reset stek_rotate_ts if clock moves backward
reset stek_rotate_ts if clock moves backwards > 28800 seconds

  "Lighttpd 1.4.58 SSL connections stop working if system time of lighttpd server is changed to future one (+12h or even days)"
2021-08-27 02:16:53 -04:00
Glenn Strauss f8bd028dc0 [core] http_header_hkey_get() perf (better asm) 2021-08-27 02:16:53 -04:00
Glenn Strauss fbefda3524 [build] MacOS linker compat 2021-08-27 02:16:53 -04:00
Glenn Strauss bb1d35dc17 [build] autoupdate; still autoconf 2.60 compatible 2021-08-27 02:16:53 -04:00
Glenn Strauss 0507c82204 [build] adjustments for autotools on Mac OS X
(mod_auth_api.c would be part of mod_auth.c
 and mod_vhostdb_api.c would be part of mod_vhostdb.c
 if not for MacOS)

MacOS modules can link against .dylib, but not against other modules
MacOS link with -module produces a .so, which lighttpd uses
MacOS link without -module procudes a .dylib,
  but name *must* have prefix "lib...",
  which lighttpd "mod_*" do not have.

Other lighttpd build configs (CMake, SCONS, meson) might not work
on MacOS.  Patches (which do not make a huge mess of things) welcome.
2021-08-27 02:16:53 -04:00
Glenn Strauss c8820d2ecc [core] code reuse with array_match_value_prefix()
use array_match_value_prefix() when checking xdocroot
2021-08-27 02:16:53 -04:00
Glenn Strauss 1553dc7be8 [core] reduce repeated work in http_cgi_headers()
save string lengths for reuse
remove trailing slash from strip_request_uri at config time
2021-08-27 02:16:53 -04:00
Glenn Strauss 27b8f1d0b9 [core] compare entire "/bin/sh" "-c" after execve
compare entire "/bin/sh" "-c" strings after execve if execve fails
2021-08-27 02:16:53 -04:00
Glenn Strauss 4a246a8754 [TLS] write_cq_ssl defer remove_finished_chunks
not expecting 0-length chunks, but handle within loops as cold path

mark some cold paths in read_cq_ssl and write_cq_ssl callback funcs
2021-08-27 02:16:53 -04:00
Glenn Strauss 8b96169b68 [core] buffer_commit() optim; better asm 2021-08-27 02:16:53 -04:00
Glenn Strauss 6e6e8baae4 [core] connection_handle_read_state mark hot case
expect common case to receive completed set of headers
(e.g. from a TLS record or a non-TLS packet containing small header)
2021-08-27 02:16:52 -04:00
Glenn Strauss 01fdccd85a [core] network_write prefer writev() over write()
When writev() is available, always use writev() instead of write()
(Silently ignores config option to use write() if writev() is available)
(Still uses sendfile() instead of writev() when config selects sendfile)
2021-08-27 02:16:52 -04:00
Glenn Strauss c5dd8905e1 [core] network_write optimizations
more shared code, better asm
2021-08-27 02:16:52 -04:00
Glenn Strauss 41916b58de [core] return entry from array_insert_data_at_pos
(for convenience and to save a couple asm instructions)
2021-08-27 02:16:52 -04:00
Glenn Strauss cc8e710710 [core] make insert_dup an optional array method
make insert_dup an optional array method in data_methods
(currently used only for merging strings of type data_string)
2021-08-27 02:16:52 -04:00
Glenn Strauss 29b9735338 [mod_secdownload] include algo_hmac.c in mod
algo_hmac.c used only with mod_secdownload,
so include algo_hmac.c in mod_secdownload instead of lighttpd executable
2021-08-27 02:16:52 -04:00
Glenn Strauss 07aa7eedcc [core] comment out ck_getenv_s() (unused)
ck_getenv_s() not currently used in lighttpd;
lighttpd process env is stable
2021-08-27 02:16:52 -04:00
Glenn Strauss 0fd8918777 [mod_vhostdb*] rename http_vhostdb->mod_vhostdb_api
rename http_vhostdb.[ch] -> mod_vhostdb_api.[ch]
2021-08-27 02:16:52 -04:00
Glenn Strauss 3538f8f2a4 [mod_auth*] rename http_auth.* -> mod_auth_api.*
rename http_auth.[ch] -> mod_auth_api.[ch]
2021-08-27 02:16:52 -04:00
Glenn Strauss 1a8ac120b4 [mod_auth,mod_vhostdb] move helper funcs to mods
link http_auth.c into mod_auth
link http_vhostdb.c into mod_vhostdb
ensure that mod_auth loads before mod_authn_*
ensure that mod_vhostdb loads before mod_vhostdb_*
2021-08-27 02:16:52 -04:00
Glenn Strauss e110b062be [multiple] http_auth_digest_hex2bin -> li_hex2bin
move http_auth.c:http_auth_digest_hex2bin() to buffer.c:li_hex2bin()
for reuse, e.g. for use by mod_secdownload, which is not mod_auth*
2021-08-27 02:16:52 -04:00
Glenn Strauss 08c03cd450 [multiple] rename safe_memclear() -> ck_memzero() 2021-08-27 02:16:52 -04:00
Glenn Strauss 62ccda8592 [multiple] move const time cmp funcs to ck.[ch]
http_auth_const_time_memeq_pad() -> ck_memeq_const_time()
http_auth_const_time_memeq() -> ck_memeq_const_time_fixed_len()
2021-08-27 02:16:52 -04:00
Glenn Strauss 0286bdef0c [multiple] use thread-safe strerror where avail
use ck_strerror_s() to use strerror_s() or strerror_r() thread-safe and
constraint-checking interfaces, where available.
2021-08-27 02:16:52 -04:00
Glenn Strauss 86c39754f2 [core] ck.[ch] - C11 Annex K wrappers
(selected functions; not complete)

(import from one of my development branches from 2016)

define safe_memclear() -> ck_memzero() for transition
2021-08-27 02:16:41 -04:00
Glenn Strauss d4c1855578 [core] define __attribute_unused__ if needed 2021-05-21 17:34:00 -04:00
Glenn Strauss 4f8f83ea1d [core] move data_{array,integer,string} to array.c
move native data_* types into array.c
(the types are already declared in array.h)

The array data structure remains extendable, as is done with data_config
(configfile) and data_auth (mod_auth), though array data structure
primary uses are at startup (config time) and header parsing.  The
insertion logic into sorted list can be expensive for large lists,
so header parsing might choose a different data structure in the future.
2021-05-20 17:56:51 -04:00
Glenn Strauss fbe55825b4 [core] consolidate config printing code
funcs use only at startup and only for lighttpd -p
2021-05-20 17:56:51 -04:00
Glenn Strauss 942c2f6722 [core] remove excess counts from print config
remove excess counts from print config
simplify double-quoted string printing
2021-05-20 17:56:51 -04:00
Glenn Strauss 0329e765a3 [core] remove size maint in algo_splaytree
remove size maintenance tracking in algo_splaytree; not used in lighttpd
2021-05-20 17:56:51 -04:00
Glenn Strauss f2aacad079 [core] load padding char from base64_table
(triggers preload-access of table)
2021-05-20 17:56:51 -04:00